{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T05:51:39Z","timestamp":1771307499571,"version":"3.50.1"},"reference-count":49,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/access.2024.3358612","type":"journal-article","created":{"date-parts":[[2024,1,25]],"date-time":"2024-01-25T18:31:08Z","timestamp":1706207468000},"page":"16715-16727","source":"Crossref","is-referenced-by-count":3,"title":["DTA: Run TrustZone TAs Outside the Secure World for Security Testing"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-2056-1452","authenticated-orcid":false,"given":"Juhyun","family":"Song","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, Korea University, Seoul, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eunji","family":"Jo","sequence":"additional","affiliation":[{"name":"Samsung Electronics, Hwasung-si, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jaehyu","family":"Kim","sequence":"additional","affiliation":[{"name":"Samsung Electronics, Hwasung-si, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"TrustZone for Cortex\u2014A","year":"2023"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3291047"},{"key":"ref3","volume-title":"Building a Secure System Using TrustZone Technology","year":"2009"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00061"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref6","first-page":"789","article-title":"PARTEMU: Enabling dynamic analysis of real-world TrustZone software using emulation","volume-title":"Proc. 29th USENIX Conf. Secur. Symp.","author":"Harrison"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2023.03.008"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179302"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC-DSS-SmartCity-DependSys53884.2021.00126"},{"key":"ref10","volume-title":"Fuzzing Op-Tee With Afl","author":"Bogaard","year":"2019"},{"key":"ref11","volume-title":"The Road To Qualcomm Trust Zone Apps Fuzzing","author":"Makkaveev","year":"2019"},{"key":"ref12","volume-title":"Launching Feedback-driven Fuzzing on TrustZone TEE","author":"Akimov","year":"2019"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2020.23014"},{"key":"ref14","volume-title":"DTA: Run TAs Outside the Secure World","year":"2023"},{"key":"ref15","volume-title":"TrustZone Hardware Architecture","year":"2023"},{"key":"ref16","volume-title":"How the Secure Model Works","year":"2023"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.357"},{"key":"ref18","volume-title":"Trusty TEE","year":"2023"},{"key":"ref19","volume-title":"Samsung TEEGRIS","year":"2023"},{"key":"ref20","volume-title":"OP-TEE","year":"2023"},{"key":"ref21","volume-title":"TEE Internal Core API Specification Version 1.3.1","year":"2021"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.400"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3363824"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"ref25","volume-title":"The Security Development Lifecycle","volume":"8","author":"Howard","year":"2006"},{"key":"ref26","article-title":"Oss-fuzz-Google\u2019s continuous fuzzing service for open source software","volume-title":"Proc. USENIX Secur. Symp.","author":"Serebryany"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00013"},{"key":"ref28","volume-title":"QEMU","year":"2012"},{"key":"ref29","volume-title":"OP-TEE Trusted OS","year":"2014"},{"key":"ref30","volume-title":"American Fuzzy Lop Plus Plus (AFL++)","year":"2019"},{"key":"ref31","volume-title":"Lighthouse\u2014A Coverage Explorer for Reverse Engineers","year":"2017"},{"key":"ref32","volume-title":"OP-TEE Fuzzer","year":"2019"},{"key":"ref33","first-page":"541","article-title":"vTZ: Virtualizing ARM TrustZone","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Hua"},{"key":"ref34","volume-title":"Breaking TEE Security Part 2: Exploiting Trusted Applications (TAs)","author":"Menarini","year":"2023"},{"key":"ref35","article-title":"Unearthing the TrustedCore: A critical review on Huawei trusted execution environment","volume-title":"Proc. 14th USENIX Workshop Offensive Technol.","author":"Busch"},{"key":"ref36","article-title":"Reflections on trusting TrustZone","author":"Rosenberg","year":"2014","journal-title":"BlackHat USA"},{"key":"ref37","first-page":"267","article-title":"Exploiting TrustZone on Android","volume":"2","author":"Shen","year":"2015","journal-title":"Black Hat USA"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23227"},{"key":"ref39","article-title":"Downgrade attack on TrustZone","author":"Chen","year":"2017","journal-title":"arXiv:1707.05082"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274704"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.34"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354201"},{"key":"ref43","volume-title":"Unbox Your Phone\u2014Exploring and Breaking Samsungs TrustZone Sandboxes","author":"Komaromy","year":"2023"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2020.3016773"},{"key":"ref45","first-page":"167","article-title":"kAFL: Hardware-assisted feedback fuzzing for OS kernels","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Schumilo"},{"key":"ref46","volume-title":"LCA: The Trinity Fuzz Tester","author":"Kerrisk","year":"2023"},{"key":"ref47","volume-title":"Coverage-Guided Kernel Fuzzing With Syzkaller","author":"Drysdale","year":"2023"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24018"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10380310\/10414070.pdf?arnumber=10414070","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,6]],"date-time":"2024-02-06T22:32:35Z","timestamp":1707258755000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10414070\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":49,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3358612","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}